Data management policy
I. Purpose and Scope of the Regulations
The purpose of this Policy is to record the privacy and management principles employed by Happy-Dent Trade and the company’s privacy and management policy, which is recognized by the Company as a Data Controller.
This Policy includes the principles of managing Personal Data as a result of online shopping on the CocoLux webshop (cocolux.hu – hereinafter Webshop).
In developing the provisions of the Code, the company has taken particular account of the provisions of Act No 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), Act CXII of 2011 on Information Self-determination and Freedom of Information. (“Act”), Act V of 2013 on the Civil Code (“Act”), and Act XLVIII of 2008 on the Fundamental Terms and Limitations of Commercial Advertising Activity (“Infotv.”) (“Grtv.”).
Unless otherwise stated, the scope of this Code does not cover the services and data management of websites, service providers that are subject to a link on the Webshop covered by the Code. Such services are governed by the provisions of the third party’s third-party data management information and the Data Manager does not assume any liability for such data handling.
II. Concept Definitions
2.1. Data Management: irrespective of the method used, any work on the Personal Data or all of the operations, including the collection, recording, organization, tagging, storage, transformation, modification, use, retrieval, access, use, communication, transmission, dissemination or otherwise disclosure, disclosure, alignment, or interconnection, restriction, deletion and destruction.
2.2. Data Manager: who determines the purposes and tools of Data Management, independently or with others.
For services referred to in these Rules as a controller:
Happy-Dent Trade Ltd. (1119, 107 .; Tétényi road registration number: 01-09-361534, tax number. 10939701-2-43; hereinafter. Data Management
is a registered Data Controller of the Hungarian economy a company that primarily carries out commercial services and provides services available through the Webshop related to this principal activity.
2.3. Personal Data or Data: any data or information that allows a natural person to identify, indirectly or indirectly.
2.4. Data Processor: a service provider who manages personal data on behalf of the Data Manager.
For the services referred to in this Policy, Data Processors may be:
a) Marekkel Sándor 31340 Mirepoix Sur Tarn, 230 Route De Layrac France (80408496000017) – account management
2.5. Webshop: the webshop operated by the Data Handler at https://cocolux.hu URL and the Web pages of this Webshop.
2.6. Service (s): Services operated by the Data Controller and provided by the Data Controller that are available on the Webshop.
2.7. User: the natural person who signs up for the Services and in this context gives the following III. .
2.8. External Provider: Third Party Service Providers who are either directly or indirectly associated with the provision of the Services by the Data Controller for the operation of the Webshop or through the Webshop. Personal data may be transferred or may be transferred to Personal Data Managers data can be transmitted.
Service providers who are not in cooperation with the Data Handler also qualify as external service providers, but by having access to the Website of the Services, they collect data from the Users who may be able to identify the User either individually or in combination with other data.
The external service providers referred to in this Code may be:
a. PayPal (Europe) S.àr.l. etCie, SCA (RCS Luxembourg B 118 349)
b. Tárhely.Eu Kft. (Headquarters: 1144 Budapest, Ormánság utca 4.X. floor 241, company registration number: 01-09-909968, tax number: 14571332-2-42) – storage, server service
. GLS General Logistics Systems Hungary Packaging Logistics Ltd. (headquarters: 2351 Alsónémedi, GLS Europe, 2, company registration number: 13-09-111755, tax number: 12369410-2-44 – home delivery of ordered products
2.9. Policy: This Data Handling Policy of the Data Manager.
IV. The scope of the Personal Data Handled
4.1. At the discretion of the User, the Data Manager can access the following data related to the access to the services available through the Webshop:
• Billing information: first name, last name, company name, tax identification number, country, street, city, province, postal code, telephone number, e-mail
• Shipping data: first name, last name, company name, country, street, town, county, postcode
• Order details: products and number of items, chosen mode of delivery, choice of payment method (for PayPal payment method further details: payer’s first name, payer’s first name, PayPal identifier, type of payment, PayPal transaction cost,
b Contact (if question is filed in the contact form) :
Full name, company name, phone number, e-mail address, question text, date of question submission.
c. Technical details:
Date of registration.
4.2. If the User sends an e-mail (eg message) to a Service, the Data Handler records the User’s e-mail address and handles it to the extent and time required to provide the service.
4.4. Regardless of the foregoing, it may happen that a service technically linked to the operation of the Services, without informing the Data Managers, is engaged in data management activities on the Webshop. Such activity is not considered Data Management by Data Manager. The Data Handler will do its utmost to prevent and block such data processing.
Data stored in cookies (cookies): user session session, current basket contents.
V. The purpose and the legal basis of Data Management
5.1. The purpose of data management by the Data Controller is to:
a. fulfillment of online shopping and the necessary processes;
b. identification of the User, contact with the User;
c. managing and managing unique user requests;
d. producing statistics and analyzes;
e. the technical development of the IT system;
f. protecting the rights of users;
g. validating the legitimate interests of the Data Controller.
The Data Manager may manage Personal Data to accomplish any of the data management objectives described above.
The Data Manager does not use the Personal Data provided for purposes other than those set out in these points.
5.2. The Data Management is based on the User’s voluntary, informed statement, which includes the express consent of the User to use their Personal Data and the Personal Data generated by them during the use of the Site. The User is entitled to revoke his consent at any time in the case of consent-based data handling, which, however, does not affect the lawfulness of the pre-revocation of data handling.
The Data Manager shall record the User’s IP address in connection with the provision of the Service in connection with the legitimate interest of the Data Controller and the legitimate provision of the Service (eg for the purpose of eliminating unlawful use or unlawful content) without the User’s consent.
In the context of content delivery, in addition to the voluntary consent of the User, the legitimate interest of the Data Controller as well as the fundamental rights to the provision of information and the expression of the opinion may be the legal basis for the processing of data in connection therewith, within the limits set by the law.
In the event that the legal basis of the Data Handling is a legitimate interest of the Data Controller, the Data Handler has performed and will continue to carry out an interest weighing test in the future in accordance with the relevant provisions of the GDPR, which confirms that the data subject’s legitimate interest in the Data Management is stronger than the Data Management related rights and szabadságainál. In case of a request from the Data Handler, the Data Handler informs the person concerned of the contents of this paragraph as described in these Rules.
5.3. Data Transfers for Data Processors as defined in these Rules may be made without the user’s own consent. Issuance of personal data to a third party or authorities – unless otherwise provided by law – is solely based on an authority decision or at the express prior consent of the User.
5.4. When submitting any user’s email address and registration information, you are also responsible for entering the e-mail address or email address you entered. using the information provided by him only uses the service. With respect to this responsibility, any liability associated with any given access to a given e-mail address and / or data shall be borne exclusively by the User who has registered the e-mail address and entered the data.
VI. Principles and methods of data management
6.1. The Data Controller manages the Personal Data in accordance with the principles of good faith and fairness and transparency, as well as the provisions in force and the provisions of this Code.
6.2. The Personal Data is indispensable for the use of the Services by the Data Controller based on the consent of the User concerned and solely on purpose.
6.3. The Data Controller shall only disclose Personal Data in the present Rules and Regulations. for the purposes specified in the relevant legislation. The scope of the Personal Data handled is proportionate to the purpose of Data Management and can not be expanded.
In all cases where the Personal Data is intended to be used by the Data Controller for purposes other than the purpose of the original recording, he / she shall inform the User of this and obtain his or her prior express consent or give him the opportunity to prohibit the use.
6.4. The Data Manager does not control the personal data you enter. Only the person who gave it will be responsible for the compliance of the provided Personal Data.
6.5. The personal data of a person who has not reached the age of 16 can only be treated if the adult consent of parental control is over. The Data Controller is not in a position to control the rights of the contributing person or the content of his / her statement, so that the User or the person exercising parental control over it ensures that the consent is in compliance with the law. In the absence of a contributing statement, the Personal Data relating to the data subject who has not reached the age of 16, except the IP address used for the use of the Service, which may be automatically recorded due to the nature of the Internet services, will not be collected.
6.6. The Data Manager shall pass the Personal Data it manages to the Data Processors specified in these Regulations and to any third party outside of the External Providers in the cases referred to in these Regulations.
Except as provided in this clause, the use of the data in a statistically aggregated form that can not contain any other data capable of identifying the User concerned shall not constitute Data Management or Data Transmission.
In certain cases – in the case of official court, police inquiries, legal proceedings, property or other breaches, or due to their reasonable suspicion, the Data Controller may violate the Data Manager’s interests, endanger the provision of Services, etc. – make available to the third parties the Personal Data available to the User concerned.
6.7. The Data Handler is responsible for correcting, limiting or limiting the personal data it manages. deletes the affected User and informs those who previously transferred Personal Data for Data Management. Notification may be omitted if it does not prejudice the legitimate interest of the data concerned for the purposes of Data Management.
6.8. The Data Controller shall ensure the security of Personal Data, take the technical and organizational measures and establish the procedural rules that ensure that the recorded, stored or managed data are protected or preventing accidental loss, unauthorized destruction, unauthorized access, unauthorized use and unauthorized alteration or unauthorized disclosure. In order to comply with this obligation, the Data Controller invites all third parties to whom Personal Data is transmitted.
6.9. In view of the relevant provisions of GDPR, the Data Controller is not obliged to designate a Data Protection Officer.
VII. The duration of the Data Handling
7.1. In the case of emails sent by the User, the requested Data Administrator will cancel the email address on the 90th day following the closure of the request referred to in the request, except in the case in which case the Data Controller has a legitimate interest in further processing of the Personal Data until such legitimate interest is maintained.
7.2. The User’s Personal Data Management is maintained until the User has signed up for the Service or otherwise does not request the deletion of Personal Data by sending an e-mail to firstname.lastname@example.org. In this case, Personal data will be deleted from the Data Management System.
Personal Data provided by the User may be handled by the Data Manager until the User expressly requests them in writing to terminate their Data Management. The request for termination of the User Data Unsubscription request does not affect the right to use the Service, however, you may not be able to access certain Services in the absence of Personal Data.
7.3. Unauthorized, Misleading In the event of the use of Personal Data or in the event of an offense or system attack committed by the User, the Data Controller shall be entitled to delete Personal Data at the same time as the User’s registration is terminated. However, in the event of suspicion of a criminal offense or civil liability, for a period of time.
7.4. If a court or authority has finally ordered the deletion of Personal Data, the deletion will be executed by the Data Controller. Instead of deleting, the Data Handler restricts the use of Personal Data, while informing the User, if the User so requests or if, based on the information available to him, it may be assumed that deletion would undermine the legitimate interest of the User. The Personal Data shall not be cleared by the Data Manager until such time as the Data Management Purpose is excluded that excludes the deletion of Personal Data.
VIII. The Rights of the User, the way they are enforced
8.1. The User may request that the Data Controller informs him that he or she manages the User’s personal data and, if so, has access to the Personal Data he or she manages.
You may also request information from the User’s Personal Data Management by registered mail or by registered mail with acknowledgment of receipt by e-mail to email@example.com.
The information request sent by the letter will be considered credible by the Data Manager if the User is clearly identifiable on the basis of the request sent. By requesting information by e-mail, the Data Manager will only consider it authentic if it is sent by the User from the registered e-mail address, but does not preclude the Data Manager from identifying the User before providing the information.
The request for information may cover the data of the User managed by the Data Controller, their source, the purpose, the legal basis, the duration of the Data Processing, any Data Processor’s names and addresses, the Data Management related activities and, in the case of the transmission of Personal Data, who and for what purpose the user’s information.
8.2. The User may request a correction or modification of the Personal Data handled by the Data Controller. Taking into account the purpose of Data Management, the User may request the addition of incomplete Personal Data.
After completing a request to modify your personal data, the previous (deleted) data can no longer be recovered.
8.3. The User may request the deletion of the Personal Data handled by the Data Handler. Cancellation can be denied (a) for the purpose of exercising the right to freedom of expression and access to information, or (b) where a statute authorizes the processing of Personal Data; and (c) submitting, enforcing, or protecting legal claims.
In any case, the Data Handler informs the User of the denial of the cancellation request, indicating the reason for the cancellation of the cancellation. After the request for deletion of personal data, previous (deleted) data can no longer be recovered.
8.4. The User may request that his or her personal data is handled by the Data Controller if the User disputes the accuracy of the Personal Data Handled. In this case, the restriction refers to the time period that the Data Controller may check for the accuracy of Personal Data. The Data Controller denotes the Personal Data it manages if the User disputes its accuracy or accuracy, but the incorrect or imprecise nature of the disputed Personal Data can not be ascertained clearly.
The User may request that his or her personal data is handled by the Data Controller even if Data Management is illegal, but the User opposes the deletion of the treated Personal Data and instead asks for their use limitation.
The User may also request that the processing of his Personal Data is restricted by the Data Controller if the purpose of the Data Management is achieved but the User requests their Data Management to handle, enforce, or protect legal claims.
8.5. The User may request that the Data Handler hand over and / or transfer it to another Data Controller by means of a machine readable and widely used machine-readable and personalized information provided by the User and processed by the User.
8.6. The User may object to the processing of Personal Data (a) if the processing of Personal Data is only required to fulfill the legal obligation of the Data Controller or to enforce the legitimate interest of the Data Controller or third party; (b) if the purpose of Data Management is to acquire direct business, opinion poll or scientific research; or (c) if Data Management is performed in the interest of a public interest task.
The Data Controller examines the legitimacy of the User’s protest and, if it establishes the validity of the protest, terminates the Data Management and retains the Personal Data processed, and notifies the protest and any action taken against it for any person for whom the Personal Data affected by the protest was previously forwarded.
IX. Data processing
9.1. For the purposes of performing the activities of the Data Controller, the Data Processing Processors referred to in this Regulation shall use the above mentioned Data Processors.
9.2. Data processors will not make a separate decision, only the contract with the Data Manager and the right to proceed with the instructions received. After Data Processing May 25, 2018, personal data transmitted and processed or processed by the Data Controller are recorded, processed and processed in accordance with the provisions of the GDPR. and make a statement to the Data Controller.
9.3. The Data Controller checks the work of Data Processors.
9.4. Data processors are only entitled to use the data processor with the consent of the Data Manager.
X. External service providers
10.1. In many cases, the Data Controller uses Service Providers in connection with the provision of Services, which the Data Manager cooperates with External Providers.
10.2. Webanalitical and Ad Server External Providers
In connection with the Services pages, the Data Management web analytics and ad server works with External Providers.
E External service providers can access the user’s IP address, and can create their own cookies on the user’s device for analysis and statistics.
Webanalitical and ad server that cooperates with the Data Manager External Providers: Facebook Inc., Google LLC,
10.3. Contracted External Providers Contracted External
Providers used by the Data Controller to Provide Services, which is co-operated by External Data Providers with PayPal (Europe) S.àr.l. etCie, SCA; GLS General Logistics Systems Hungary Packaging Logistics Ltd. (headquarters: 2351 Alsónémedi, GLS Europe, 2, company registration number: 13-09-111755, tax number: 12369410-2-44 – home delivery of ordered products
10.4. Other External Service Providers
There are External Providers with which the Data Controller is not in a contractual relationship or intentionally does not cooperate with the given data management but still have access to the Webshop / Services and thus collect data from Users or the Data Operator’s Webshop user activities occasionally, individually or in combination with other data collected by this External Provider, may be suitable for identifying the User.
Such External Operators may, in particular but not limited to: Facebook Inc., Google LLC, Instagram LLC., PayPal (Europe) S.àr.l. etCie, SCA, YouTube LLC
XI. Possibility of data transfer
11.1 The Data Controller is entitled and obliged to transmit to the competent authorities any personal data that is available to him and which he or she has legally stored, which is required by law or by a statutory obligation to transmit Personal Data. Due to such data transfer and the resulting consequences, Data Controller can not be held responsible.
11.2 The Data Controller shall keep a data transfer record for the legality of the data transfer and to ensure that the User is informed.
12.1. The Data Controller reserves the right to change this Policy at any time by its unilateral decision.
XIII. Law Enforcement Options
13.1. You can search the data manager at firstname.lastname@example.org by contacting any data management related questions or observations.
13.2. The User directly complains to the National Data Protection and Information Authority (1125 Budapest, Erzsébet Szilágyi fasor 22 / c, phone: + 36-1-391-1400, e-mail: email@example.com, website: www.naih.hu).
13.3. In the event of a violation of the User’s rights, you may turn to the court. The trial is governed by the jurisdiction of the court. The case may be initiated before the tribunal of the domicile or place of residence of the person concerned, according to his choice. The Data Managers inform the User of the opportunity and means of remedies on request.
Budapest, July 1, 2018